irssi denial of service
irssi-dos (13973)
Description:
irssi is vulnerable to a denial of service. If irssi is running on a system that requires memory alignment and the nicklist.pl or tab_stop.pl script, which contains the "gui print text" signal, is running, a remote attacker could use this vulnerability to crash the irssi client.
Consequences:
Denial of Service
Remedy:
Upgrade to the latest version of irssi (0.8.9 or later), available from the irssi Web site. See References.
For Mandrake Linux:
Upgrade to the latest irssi package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2003:117: irssi for more information. See References.
Mandrake Linux 9.1: 0.8.9-0.1.91mdk or later
Mandrake Linux 9.2: 0.8.9-0.1.92mdk or later
For other distributions:
Contact your vendor for upgrade or patch information.
References:
- BugTraq Mailing List, Wed Dec 10 2003 - 18:44:12 CST : irssi - potential remote crash.
- irssi Web site: Download.
- BID-9201: IRSSI Remote Denial of Service Vulnerability
- CVE-2003-1020: The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash).
- MDKSA-2003:117: Updated irssi packages fix remote crash
Platforms Affected:
- irssi irssi prior to 0.8.9
- MandrakeSoft Mandrake Linux 9.1
- MandrakeSoft Mandrake Linux 9.2
Reported:
Dec 10, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
